Category Archives: Web Security

Execute this! Looking at code-loading techniques in Android

Recently, several research efforts related to the security of the Android mobile platform showed how often Android applications are affected by severe security vulnerabilities. During the last summer, we decided to investigate how benign and malicious Android apps use a … Continue reading

Posted in Web Security | Leave a comment

deDacota: Toward Preventing Server-Side XSS via Automatic Code and Data Separation

[cross-posted from http://adamdoupe.com/blog/2013/09/05/dedacota-toward-preventing-server-side-xss-via-automatic-code-and-data-separation/] This post is an overview of the paper deDacota: Toward Preventing Server-Side XSS via Automatic Code and Data Separation which was written as a collaboration between the UC Santa Barbara Seclab and Microsoft Research, by yours truly. … Continue reading

Posted in Web Security | Leave a comment

What The Fork: how to immediately block *any* Android device

[cross-posted from http://reyammer.blogspot.com/2013/06/what-fork-how-to-immediately-block-any.html] What if an unprivileged Android app could lock, instantaneously, any Android device out there? What if such an app exists and is also really simple to implement? A few months ago, Antonio and I stumbled upon a paper titled Would You Mind Forking … Continue reading

Posted in Web Security | Leave a comment

Could the AP Twitter hack have been prevented?

Twitter hacks can cause a lot of damage. This week, the Associated Press Twitter account was compromised and sent a tweet announcing that the White House had been hit by a terrorist attack, and that … Continue reading

Posted in Web Security | Leave a comment

Clickonomics: Determining the Effect of Anti-Piracy Measures for One-Click Hosting

The Digital Millennium Copyright Act (DMCA) already allows copyright owners to have infringing files taken down from hosting services and search engines. The Stop Online Piracy Act (SOPA) law proposal would have introduced a similar take-down scheme directed against entire … Continue reading

Posted in Web Security | Leave a comment

Paying for Piracy? An Analysis of One-Click Hosters’ Controversial Reward Schemes

Many Internet users have probably heard of Megaupload, not least because the site was shut down by the FBI in early 2012. Megaupload was one of the first and largest one-click hosters (or “cyberlockers”). While Megaupload may be offline at … Continue reading

Posted in Web Security | Leave a comment

A Security Analysis of Two Satphone Standards

There is a rich body of work related to the security aspects of cellular mobile phones, in particular with respect to the GSM and UMTS systems. Similarly to GSM, there exist two standards for satellite telephony called GMR-1 and GMR-2. These two standards … Continue reading

Posted in Web Security | Leave a comment